
@6d61726b760a
Created January 10, 2024 01:02
quick script to customize the splunk hostname config for windows hosts
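Set-PSDebug -Off
# Gather everything needed to rename the Splunk Universal Forwarder to
# "<computername>-<instance id without the 'i-' prefix>".
# Nothing on the host is modified in this section, so it is safe to abort here.

# splunk service details
$splunkService = "SplunkForwarder"
# path to splunk configs
$splunk_serverconf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\server.conf'
$splunk_inputsconf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf'
# get current computername
$computerName = $env:computername
Write-Host "computer name: $computerName"

# get aws instance id
# Ask for an IMDSv2 session token first: instances that require tokens reject a
# plain GET, and the token flow is the hardened way to talk to the metadata
# service. If no token can be obtained, fall back to the plain request the
# script used originally so IMDSv1-only setups keep working.
$imdsBase = 'http://169.254.169.254/latest'
$imdsHeaders = @{}
try {
    $imdsToken = Invoke-RestMethod -Method Put -Uri "$imdsBase/api/token" -TimeoutSec 5 `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
    $imdsHeaders = @{ 'X-aws-ec2-metadata-token' = $imdsToken }
}
catch {
    Write-Warning "could not obtain an IMDSv2 token, falling back to a token-less metadata request"
}
try {
    $instanceId = Invoke-RestMethod -Uri "$imdsBase/meta-data/instance-id" -Headers $imdsHeaders -TimeoutSec 5
}
catch {
    Write-Error "unable to read the instance id from the metadata service: $_"
    Exit 1
}
$instanceId = "$instanceId".Trim()
# The value ends up inside server.conf, so refuse anything that does not look
# like an instance id (an error page, an empty body, ...) before touching the host.
if ($instanceId -notmatch '^i-[0-9a-f]+$') {
    Write-Error "metadata service returned an unexpected instance id: '$instanceId'"
    Exit 1
}
# drop the leading "i-"
$instanceId2 = $instanceId.Substring(2)
Write-Host "instance id: $instanceId2"

# get current splunk hostname from config file
# Stays empty when server.conf is missing or has no serverName line, instead of
# failing on a method call against $null.
$current_splunkHostname = ''
if (Test-Path $splunk_serverconf) {
    $serverNameLine = Get-Content $splunk_serverconf |
        Select-String '^\s*serverName\s*=' |
        Select-Object -First 1
    if ($serverNameLine) {
        # split on the first '=' only and strip the padding around the value
        $current_splunkHostname = $serverNameLine.Line.Split('=', 2)[1].Trim()
    }
}
Write-Host "current splunk hostname: $current_splunkHostname"

# generate a new hostname (join current hostname with instance id)
$new_splunkHostname = $computerName + "-" + $instanceId2
Write-Host "generated splunk hostname: $new_splunkHostname"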
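# if the current hostname and the generated hostname are the same
# there is nothing to do, so exit
# Compare exactly (case-insensitive, surrounding whitespace ignored). The -match
# operator treats the right-hand side as a regular expression and succeeds on any
# substring hit, so a longer or merely similar serverName would be reported as
# already correct.
if ("$current_splunkHostname".Trim() -eq $new_splunkHostname)
{
    Write-Host "current hostname matches generated host name, nothing to do!"
    Exit
}
else {
    Write-Host "current hostname does not match generated hostname!"
}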
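# stop splunk service
Write-Host "stopping splunk service"
Stop-Service $splunkService
# wait for splunk service to stop
# Poll until the service reports the target status or the retries run out
# (20 x 600 ms). The loop must end when the service HAS reached the status;
# ending on a count of 0 would leave the loop while the service is still running.
$targetStatus = "Stopped"
$svc_retries = 20
do
{
    $count = @(Get-Service $splunkService | Where-Object { $_.Status -eq $targetStatus }).Count
    if ($count -gt 0) { break }
    $svc_retries--
    Start-Sleep -Milliseconds 600
} until ($svc_retries -eq 0)
if ($count -eq 0)
{
    # The config files are rewritten next; make it visible when that happens
    # while the forwarder may still be running.
    Write-Warning "$splunkService did not report '$targetStatus' in time"
}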
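# Back up server.conf and inputs.conf next to the originals as "<file>.<timestamp>".
# In a .NET format string "MM" is the month and "HH" the 24-hour clock; lower-case
# "mm" is minutes and "hh" the 12-hour clock, which would give misleading and
# colliding backup names.
# NOTE(review): the copies sit in the same directory and so normally inherit its
# ACL; server.conf may hold values such as pass4SymmKey or sslPassword, so
# restrict and prune old backups accordingly.
$timeStamp = Get-Date -Format "yyyyMMdd-HHmmss"
# backup existing server.conf
if (Test-Path $splunk_serverconf)
{
    Write-Host "taking a backup of $splunk_serverconf"
    # build the destination as one quoted string so it is passed as a single argument
    Copy-Item $splunk_serverconf -Destination "$splunk_serverconf.$timeStamp"
}
# backup existing inputs.conf
if (Test-Path $splunk_inputsconf)
{
    Write-Host "taking a backup of $splunk_inputsconf"
    Copy-Item $splunk_inputsconf -Destination "$splunk_inputsconf.$timeStamp"
}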
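# clear config
Write-Host "executing 'splunk clone-prep-clear-config'"
& 'C:\Program Files\SplunkUniversalForwarder\bin\splunk' clone-prep-clear-config
if ($LASTEXITCODE -ne 0)
{
    # Report the failure but keep going, as the original script did.
    Write-Warning "splunk clone-prep-clear-config exited with code $LASTEXITCODE"
}

# add our new hostname into server.conf
# Rewrites the file line by line: "serverName = <generated name>" is emitted
# directly after every [general] header, any older serverName line inside that
# stanza is dropped so only one value remains, and a [general] stanza is appended
# when the file has none (or does not exist).
Write-Host "add generated hostname to $splunk_serverconf"
$generalHeader = '^' + [regex]::Escape('[general]')
$existingLines = @()
if (Test-Path $splunk_serverconf)
{
    $existingLines = @(Get-Content $splunk_serverconf)
}
$sawGeneral = $false
$inGeneral = $false
$updatedLines = foreach ($line in $existingLines)
{
    if ($line -match $generalHeader)
    {
        $line
        "serverName = $new_splunkHostname"
        $sawGeneral = $true
        $inGeneral = $true
        continue
    }
    # any other stanza header ends the [general] section
    if ($line -match '^\[') { $inGeneral = $false }
    # skip a stale serverName left in [general]; the new one was already written
    if ($inGeneral -and $line -match '^\s*serverName\s*=') { continue }
    $line
}
if (-not $sawGeneral)
{
    $updatedLines = @($updatedLines) + '[general]', "serverName = $new_splunkHostname"
}
Set-Content $splunk_serverconf -Value $updatedLines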
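# pull the updated hostname from server.conf (verify)
# Read back the first real "serverName = ..." line. The value stays empty when no
# such line exists, rather than failing on a method call against $null.
$updated_splunkHostname2 = ''
$updatedLine = Get-Content $splunk_serverconf |
    Select-String '^\s*serverName\s*=' |
    Select-Object -First 1
if ($updatedLine)
{
    $updated_splunkHostname2 = $updatedLine.Line.Split('=', 2)[1].Trim()
}
Write-Host "validate updated splunk hostname: $updated_splunkHostname2"
if ($updated_splunkHostname2 -ne $new_splunkHostname)
{
    # Surface a failed write instead of letting the forwarder start under an
    # unintended name.
    Write-Warning "server.conf does not contain the generated hostname '$new_splunkHostname'"
}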
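# start splunk service
Write-Host "starting splunk service"
Start-Service $splunkService
# wait for splunk service to start
# Poll until the service reports the target status or the retries run out
# (20 x 600 ms). The loop must end when the service HAS reached the status;
# ending on a count of 0 would leave the loop before the service is running.
$targetStatus = "Running"
$svc_retries = 20
do
{
    $count = @(Get-Service $splunkService | Where-Object { $_.Status -eq $targetStatus }).Count
    if ($count -gt 0) { break }
    $svc_retries--
    Start-Sleep -Milliseconds 600
} until ($svc_retries -eq 0)
if ($count -eq 0)
{
    # A forwarder that stays down stops shipping logs; do not let that pass silently.
    Write-Warning "$splunkService did not report '$targetStatus' in time"
}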